Summary

The KittyBridge contract add destinationChain, sourceChain and sender to allowlist, but there is no function in the contract that removes them from the allowlist.

Vulnerability Details

The functions KittyBridge::allowlistDestinationChain, KittyBridge::allowlistSourceChain, and KittyBridge::allowlistSender are designed to add a destination chain, source chain, and sender to their respective allowlists. These functions accept two parameters: an identifier (which can be a chain selector or an address) and a boolean allowed flag. These functions add entities to the allowlists by setting the allowed flag to true, but there is no explicit mechanism to revoke these roles once granted. The functions are designed to update the status based on the allowed parameter, but the KittyBridge contract does not include logic to setting the status to false.

Impact

Once a destinationChain, sourceChain or sender is allowlisted, there is no way to set the allowed flag to false, it remains permanently allowlisted.

Tools Used

Manual Review

Recommendations

Implement logic to allow the allowed flag to be set to false, enabling the revocation of previously allowlisted destinationChain, sourceChain and sender.